Solving the Hard Problem of Patron Privacy in Digital Libraries
“The right to be left alone — the most comprehensive of rights, and the right most valued by civilized men. To protect that right, every unjustifiable intrusion by the government upon the privacy of the individual, whatever the means employed, must be deemed a violation of the Fourth Amendment.”
- Justice Louis Brandeis
A library should only collect, retain, and disclose members’ personal information so that it can provide or improve services. The law prevents us from selling demographic details and reading lists for commercial gain, or even giving away identifying data about your use of the library to the public. Requests to violate these rules can be as innocent as, “can you tell me who has that book out because I think they’re in my class,” or more sinister, as in, “I think my son is gay so you need to show me the books he’s read” (the latter example is why a parent, who is liable for the fines their children accrue, still cannot see what was checked out).
Businesses would love to get ahold of library records for marketing purposes, and law enforcement always has a keen interest in gathering as much precautionary data as possible. Libraries do this too. One of the reasons we track who has what checked out is to know who to go after if the books aren’t returned. My library also has safety and security video cameras in the building, and archives the footage. When a crime is committed on the premises, we now have evidence that aids in the investigation and prosecution. This is not a bad thing, just as reverse surveillance, in cases from Rodney King to Eric Garner, has likewise shone a light on police misconduct.
At some point, personal information can be aggregated into generic use statistics, after which the underlying patron records are no longer being kept for our or our users’ benefit; they remain only to be exposed in a security breach or subpoenaed. Where to draw the line that strikes the best balance of privacy and security is of course a matter of debate. Yet librarians have long been concerned over the authoritarian process by which law enforcement obtains library records. The “baseless hysteria” over the Patriot Act’s so-called library provisions regarding warrantless surveillance and gag orders led to librarians making canary signs and even challenging the law.
But while we’re off wiping histories, scrubbing logs, and purging records, library users may want even more data than we keep. For patrons wishing to personalize library interfaces, some tools now offer this capability (yet customization itself is not a panacea: one consequence of individually-tailored search is the way filter bubbles disrupt objective results and play to confirmation biases). For readers who want to retain access to a permanent record of their viewing habits, products are becoming available that track this information too. Ideally, such services would provide individuals with the ability to opt-in and opt-out of such data collection features, and include a system which anonymizes the stored information as much as possible.
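As an added illustration (not the essay’s own code, nor any real library system), here is a minimal circulation model that applies the retention rule described above: a patron is linked to an item only while it is out, the link is severed on return and only an aggregate count per title survives, and a reading history is kept solely for patrons who opted in and can be purged when they opt out.

```python
"""Data-minimisation model for library circulation records (constructed example)."""
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Loan:
    item_id: str
    patron_id: str  # identifying data; must not outlive the loan
    due: date


@dataclass
class Circulation:
    open_loans: dict = field(default_factory=dict)     # item_id -> Loan (while out)
    title_counts: dict = field(default_factory=dict)   # item_id -> checkouts, no patron link
    history_opt_in: set = field(default_factory=set)   # patrons who asked for a history
    histories: dict = field(default_factory=dict)      # patron_id -> [item_id], opt-in only

    def checkout(self, item_id: str, patron_id: str, due: date) -> None:
        self.open_loans[item_id] = Loan(item_id, patron_id, due)
        self.title_counts[item_id] = self.title_counts.get(item_id, 0) + 1

    def checkin(self, item_id: str) -> None:
        # Return severs the patron/item link; the aggregate count was already taken.
        loan = self.open_loans.pop(item_id)
        if loan.patron_id in self.history_opt_in:
            self.histories.setdefault(loan.patron_id, []).append(item_id)

    def overdue(self, today: date) -> dict:
        """Who to go after for unreturned items: the one legitimate use of the link."""
        return {l.item_id: l.patron_id for l in self.open_loans.values() if l.due < today}

    def opt_in(self, patron_id: str) -> None:
        self.history_opt_in.add(patron_id)

    def opt_out(self, patron_id: str) -> None:
        self.history_opt_in.discard(patron_id)
        self.histories.pop(patron_id, None)  # purge, not just stop collecting

    def records_about(self, patron_id: str) -> dict:
        """Privacy audit helper: every stored record that still names this patron."""
        found = {}
        out = [l.item_id for l in self.open_loans.values() if l.patron_id == patron_id]
        if out:
            found["open_loans"] = out
        if patron_id in self.histories:
            found["history"] = list(self.histories[patron_id])
        return found
```

After a return, `records_about` is empty for a patron who never opted in, so a breach or subpoena of the stored data cannot reveal what they read; `title_counts` still serves the use statistics.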
This is really the easy challenge of what’s often pitched as a dichotomy of “privacy versus customization.” A much harder problem is libraries dealing with cloud-hosted commercial applications where we surrender control over the flow of personal data in electronic formats that we can no longer directly safeguard. Our new library enterprise system isn’t even hosted in this state, for example. Just as “digital ownership” is becoming a contradiction in terms, as our freedom to read is being curtailed by licensing restrictions, libraries can no longer guarantee their patrons’ privacy because they outsource the gathering and management of personal information.
Moreover, nowadays the refrain of “you have no privacy” is becoming a reality. People who actually examine their privacy policies and settings are starting to stand out and look as goofy as the people sporting those facial recognition countermeasures. The Fourth Amendment, Article Twelve of the Universal Declaration of Human Rights, and our reasonable expectation of privacy have all gone out the window thanks to advances in the technological capabilities for massive data collection by governments and companies alike.
Leaks in recent years have shown how widespread surveillance efforts by governments are, with little regard for due process. And advertising companies are not giving away analytics trackers out of the goodness of their hearts, either. Information about the web’s use is traded as a commodity. Knowledge equals profit. When corporations constantly change their privacy policies to their customers’ detriment, Google’s CEO says, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” and Yahoo! helps imprison Chinese dissidents, it’s clear that commercial entities are not consumer advocates when it comes to privacy.
So what can libraries do?
- Educate users how to assert their privacy rights and safeguard their information. For example, show them how much of their Facebook profile is visible to the public, and where to change that. Promote the knowledge that privacy matters.
- Negotiate with vendors regarding their privacy practices. Just as you shouldn’t be licensing products that aren’t usable and accessible, any purchased platform should adhere to your existing privacy policies.
- Ensure that personal records are not being created or retained without necessity. Conduct a privacy and security audit, and verify that you have policies and procedures in place that minimize risks and that all library workers know about them.
As librarians, we have a duty and an opportunity to keep citizens informed and protected. Our loss of autonomy as independent institutions, each off doing their own thing and reinventing the wheel, is a good thing. By advocating for responsible policy development and practicing patron-based data curation, library privacy will not go the way of the card catalog.